Deauthorisation api

We read that we need to create a deauthorisation api end point as per in order to fulfil the requirements to publish our app.

However, we need to understand what Zoom expects us to do on our side when deauthorizing.
For example, we will assume that we need to remove data associated with the user that connects them to zoom, but do we also need to delete all the info with regards to meetings already created, past and future? Or is it sufficient to give the user the option to do this manually?

Hi @laura1, the Deauthorization Endpoint URL is a URL to which Zoom will notify you that a user has deauthorized your app.

When you receive a notification at this location, your app will need to respect the user’s preferences to keep or delete their data within your app/database. If a user requests you to delete their data, you should delete it from your records but not delete the meetings themselves.

Hello Michael, we are also breaking our heads on this deauthorisation routine, is there any sample code to understand how we can come about this function? It is not clear how we receive this information from zoom since there is no way to test it.
I tryed to use the production URL to authorize and then whent to marketplce to deauthorize but did’t get any response, only a message that its been deauthorized.

Hey @nassoft,

Here is an example of the deauth flow in Node.js:

Here are the docs (I will work improve them as soon as I can):


Hi Tommy,

Thanks so much for your quick reply. I wonder if you have any similar code in PHP .





Hey @nassoft,

Not for the webhook part, but for making the deauth request we do here: